(Reuters) – The zombie attack alert issued on a handful of U.S. TV stations this week is more serious than a mischievous hacker prank say cyber experts, who warn the incident exposes lax security practices in a critical public safety system.
While broadcasters said poor password security paved the way for the bogus warning, security experts said the equipment used by the Emergency Alert System remained vulnerable when stations allow it be accessed via the public Internet.
The fear is that hackers could prevent the government from sending out public warnings during an emergency or attackers could conduct a more damaging hoax than a warning of a zombie apocalypse.
“It isn’t what they said. It is the fact that they got into the system. They could have caused some real damage,” said Karole White, president of the Michigan Association of Broadcasters.
Following the attacks on Monday, broadcasters were ordered to change the passwords for the EAS equipment.
The Federal Communications Commission (FCC) would not comment on the attacks, but in an urgent advisory sent to television stations on Tuesday said: “All EAS participants are required to take immediate action.”
It instructed them to change passwords on equipment from all manufacturers used to deliver emergency broadcasts. The FCC instructed them to ensure gear was properly secured behind firewalls and to inspect systems to ensure that hackers had not queued “unauthorized alerts” for future transmission.
The attacks come after warnings by government officials and outside security experts that the United States is at risk of a cyber attack that could cause major physical damage or even cost lives. President Barack Obama told Congress on Tuesday that some hackers were looking for ways to attack the U.S. power grid, banks and air traffic control systems.